DHS and Cyber: What Should Companies Expect?
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
The U.S. Department of Homeland Security (DHS) recently published new security requirements for certain restricted transactions covered by the U.S. Department of Justice’s (DOJ) sensitive data export rules. ...more
Cybersecurity and national security collided in significant ways in 2024, with governments and private-sector entities grappling with the legal, technical, and policy challenges of a rapidly evolving cyber landscape....more
2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more
U.S. authorities have increased warnings of threats to critical infrastructure from Russian sources and have laid the groundwork for 72-hour reporting requirements for critical infrastructure organizations. At the end of...more
Regulatory Developments - Agencies Issue Joint Proposal to Strengthen and Modernize CRA Regs - On May 5, the FDIC, the FRB and the OCC issued a joint Notice of Proposed Rulemaking (NPR) to “strengthen and modernize” the...more
A proposed $1M civil penalty against Colonial Pipeline for its procedural failures during a ransomware attack could indicate what’s in store for critical infrastructure operators who fail to keep employees up to date on how...more
On March 18, 2022, President Biden issued a letter to California Gov. Gavin Newsom (the “March 18th letter”) requesting that he secure California’s computer systems and critical infrastructure in light of recent Russian...more
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple...more
On March 24, 2022, the Department of Justice unsealed two indictments charging four Russian government employees in two hacking campaigns that targeted critical infrastructure in the energy sector. We cover these indictments...more
What You Need to Know- •The Strengthening American Cybersecurity Act will impose cyber incident and ransomware attack response protocol for a broad spectrum of businesses operating in numerous core industry sectors of the...more
What You Need to Know- •President Biden has called upon private sector businesses to take specific steps to implement certain “best practices” aimed at minimizing their cybersecurity risks in light of heightened concerns...more
The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the...more
On Feb. 24, 2022, Russia launched a large-scale military incursion into Ukraine. By all accounts, the Russian offensive attacked on multiple fronts, including against Ukraine’s network computers and communication systems. The...more
The U.S. Cybersecurity & Infrastructure Agency (CISA) has issued a rare “shields up” warning regarding cybersecurity attacks, saying that every organization, of every size, should be prepared to respond to disruptive cyber...more
Russia’s full-scale military invasion of Ukraine is raising cybersecurity risks for American businesses. Corporate America must take immediate additional precautions to protect their networks in light of what is quickly...more
What: Cleared Defense Contractors (CDCs) are being actively targeted by Russian state-sponsored cyber activity, according to a Joint Cybersecurity Advisory from the Federal Bureau of Investigation (FBI), National Security...more
Report on Patient Privacy 22, no. 2 (February, 2022) - Tensions between the U.S. and Russia could lead to a heightened risk of Russian state-sponsored cyberattacks on U.S. interests, including health care organizations,...more
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more